By: Thomas Fellinger user 15 Oct 2021 at 3:42 a.m. CDT

5 Responses
This is just a general question... When I create a new client in Gluu it generates an entity based on a UUID for me. Is this a security feature? Would it be bad if one could decide the ID beforehand? Are IDs that just use the FQDN a risk? If there is no risk involved it would be great to predefine the ID to better automate distributed configurations. Thanks!

By Mohib Zico staff 19 Oct 2021 at 12:48 a.m. CDT

Hi, I am a little bit confused, sorry. EntityID / client generation / FQDN: all three belong to three different areas, SAML / OpenID Connect / networking. Can you please describe your question a bit more?

By Thomas Fellinger user 20 Oct 2021 at 1:34 a.m. CDT

Hello, in my case I am talking about OIDC and SAML. Thanks, Thomas

By Mobarak Hosen Shakil staff 18 Nov 2021 at 11:49 a.m. CST

Yes, it uses hashing to create a unique and non-guessable string that helps to keep it safe from third parties. Thanks, Regards ~ Shakil

By Thomas Fellinger user 18 Nov 2021 at 12:15 p.m. CST

Hello @Mobarak Hosen.Shakil! Thanks for getting back to me. Can you explain the threat model here? What is the threat this is protecting against? If the secret is the thing that is not guessable, what additional protection comes with the attacker not knowing the entity ID? Are there any documents you can point me to? Is this something only Gluu does, or is it a de facto standard? I think Keycloak, for example, lets you choose the entity ID. Is this a risky practice, and if so, why? If there is no imminent risk in being able to choose the entity ID, this would help us greatly in preconfiguring systems before they get onboarded to Gluu.
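
The distinction Thomas draws above, between the public client identifier and the secret that actually authenticates the client, as an added example (constructed here, not Gluu's or Keycloak's code): a toy registry that accepts either a generated UUID or a pre-chosen identifier such as an FQDN, stores only a hash of a random secret, and checks it in constant time. The names `ClientRegistry`, `register` and `authenticate` are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
import uuid
from typing import Optional

# Constructed toy registry (assumption, not an OIDC server implementation).
# The client_id is public (it appears in authorization URLs), so the security
# of client authentication rests on the secret and on how it is stored/compared.


def new_client_secret() -> str:
    """256 bits from the OS CSPRNG; this is the value that must not be guessable."""
    return secrets.token_urlsafe(32)


def hash_secret(secret: str) -> str:
    """Store only a digest so a leaked client table does not hand out usable secrets."""
    return hashlib.sha256(secret.encode()).hexdigest()


class ClientRegistry:
    def __init__(self) -> None:
        self._clients = {}  # client_id -> sha256(secret)

    def register(self, client_id: Optional[str] = None):
        """Register a client.

        With client_id=None a UUID is generated, as the thread describes Gluu doing;
        otherwise a caller-chosen identifier (e.g. derived from an FQDN) is accepted.
        Returns (client_id, secret); the secret is shown once, at registration time.
        """
        cid = client_id or str(uuid.uuid4())
        if cid in self._clients:
            raise ValueError("client_id already registered")
        secret = new_client_secret()
        self._clients[cid] = hash_secret(secret)
        return cid, secret

    def authenticate(self, client_id: str, presented_secret: str) -> bool:
        """Token-endpoint style check: the public id selects the record, the secret proves it."""
        stored = self._clients.get(client_id)
        if stored is None:
            return False
        # Constant-time comparison so timing does not leak how much of the digest matched.
        return hmac.compare_digest(stored, hash_secret(presented_secret))
```

Whether the identifier is a UUID or a predictable FQDN, `authenticate` succeeds only with the correct secret; the identifier's guessability changes nothing in this check.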

By Mobarak Hosen Shakil staff 18 Nov 2021 at 12:31 p.m. CST

Hi Thomas, actually, I think it's better if you can book a call here: https://gluu.org/booking There are a lot of things to discuss, which a ticket comment is not sufficient for. Regards ~ Shakil